Bug 1322400 - Add content-exposed GC and CC functions to fuzzing builds. r=smaug

MozReview-Commit-ID: 5iV4RDZxZIl

--HG--
extra : rebase_source : bd350d5ffdc4702199edab8c8549d7880182e99c

dom/base/FuzzingFunctions.cpp

@@ -0,0 +1,30 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "FuzzingFunctions.h"
+
+#include "nsJSEnvironment.h"
+#include "js/GCAPI.h"
+
+namespace mozilla {
+namespace dom {
+
+/* static */ void
+FuzzingFunctions::GarbageCollect(const GlobalObject&)
+{
+  nsJSContext::GarbageCollectNow(JS::gcreason::COMPONENT_UTILS,
+                                 nsJSContext::NonIncrementalGC,
+                                 nsJSContext::NonShrinkingGC);
+}
+
+/* static */ void
+FuzzingFunctions::CycleCollect(const GlobalObject&)
+{
+  nsJSContext::CycleCollectNow();
+}
+
+} // namespace dom
+} // namespace mozilla

dom/base/FuzzingFunctions.h

@@ -0,0 +1,28 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_dom_FuzzingFunctions
+#define mozilla_dom_FuzzingFunctions
+
+namespace mozilla {
+namespace dom {
+
+class GlobalObject;
+
+class FuzzingFunctions final
+{
+public:
+  static void
+  GarbageCollect(const GlobalObject&);
+
+  static void
+  CycleCollect(const GlobalObject&);
+};
+
+} // namespace dom
+} // namespace mozilla
+
+#endif // mozilla_dom_FuzzingFunctions

dom/base/moz.build

@@ -213,6 +213,11 @@ EXPORTS.mozilla.dom += [
     'WindowOrientationObserver.h',
 ]
 
+if CONFIG['FUZZING']:
+    EXPORTS.mozilla.dom += [
+        'FuzzingFunctions.h',
+    ]
+
 UNIFIED_SOURCES += [
     'AnonymousContent.cpp',
     'Attr.cpp',
@@ -360,6 +365,11 @@ if CONFIG['MOZ_WEBRTC']:
         'nsDOMDataChannel.cpp',
     ]
 
+if CONFIG['FUZZING']:
+    UNIFIED_SOURCES += [
+        'FuzzingFunctions.cpp',
+    ]
+
 # these files couldn't be in UNIFIED_SOURCES for now for reasons given below:
 SOURCES += [
     # Several conflicts with other bindings.

dom/bindings/Bindings.conf

@@ -430,6 +430,13 @@ DOMInterfaces = {
     'wrapperCache': False,
 },
 
+'FuzzingFunctions': {
+    # The codegen is dumb, and doesn't understand that this interface is only a
+    # collection of static methods, so we have this `concrete: False` hack.
+    'concrete': False,
+    'headerFile': 'mozilla/dom/FuzzingFunctions.h',
+},
+
 'Geolocation': {
     'headerFile': 'nsGeolocation.h'
 },

dom/webidl/FuzzingFunctions.webidl

@@ -0,0 +1,24 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+/*
+ * Various functions useful for automated fuzzing that are enabled
+ * only in --enable-fuzzing builds, because they may be dangerous to
+ * enable on untrusted pages.
+*/
+
+[Pref="fuzzing.enabled"]
+interface FuzzingFunctions {
+  /**
+   * Synchronously perform a garbage collection.
+   */
+  static void garbageCollect();
+
+  /**
+   * Synchronously perform a cycle collection.
+   */
+  static void cycleCollect();
+};

dom/webidl/moz.build

@@ -1053,6 +1053,11 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'gonk':
         'InstallTrigger.webidl',
     ]
 
+if CONFIG['FUZZING']:
+    WEBIDL_FILES += [
+        'FuzzingFunctions.webidl',
+    ]
+
 GENERATED_EVENTS_WEBIDL_FILES = [
     'AddonEvent.webidl',
     'AnimationPlaybackEvent.webidl',